contents

software
 
McAfee Protects Against New Mac Os X Exploits and Viruses

McAfee, Inc. has announced that it provides protection from attacks targeting the newly discovered Apple Mac OS X Command Execution Vulnerability and the recent worms targeting the Mac OS X platform, including OSX/Inqtana.a and OSX/Leap. While McAfee AVERT Labs has traditionally viewed Mac threats as a non-issue and rates the worms Low-Profile at this time, it does believe these threats demonstrate a renewed interest by the malware authoring community in the Mac OS platform.

The Apple Mac OS X Command Execution Vulnerability, which was discovered February 21 by Michael Lehn, is a critical vulnerability that exists when accessing specially crafted files. Both proof of concept exploits and malicious exploit code are public, and a patch is not yet available. Apple Mail and Safari have been identified as attack vectors for this vulnerability.

OSX/Inqtana.a, which was discovered February 18, is a proof of concept worm that exploits an Apple Mac OS X Directory traversal vulnerability in the Bluetooth file and object exchange services (CVE-2005-1333). This worm spreads over the Bluetooth OBEX Push service, which typically requests the user to accept a file transfer over Bluetooth. It also exploits a directory traversal vulnerability in Mac OS X to install and auto-start the worm on the infected machine. Users are advised not to accept requests from unknown devices.

OSX/Leap, which was discovered February 16, is an instant messaging worm propagating via iChat on PowerPC-based machines running Mac OS X. The worm sends itself to people on the user's buddy list in the form of a .tgz archive and attempts to masquerade as a jpeg image file to trick the user into executing it. OSX/Leap requires user interaction in order to infect a machine.

McAfee Virex for Macintosh offers protection against OSX/Inqtana.a and OSX/Leap, and the known exploits targeting the unpatched Command Execution vulnerability. McAfee Virex, designed for the Mac OS X operating system provides real-time prevention of viruses, worms, Trojans and other potentially unwanted programs across their Macintosh and heterogeneous environments.

McAfee Virex customers have been protected from OSX/Leap since the 4698 DAT files. Specific named detection as OSX/Inqtana.a has been available since the 4701 DAT release of February 20. McAfee AVERT Labs recommends all customers ensure they are running the latest DAT release and schedule full system scans to insure an infection-free environment.

Until there is a patch released for the Apple Mac OS X Command Execution Vulnerability, McAfee AVERT Labs advises Mac OS X users to exercise caution when downloading files from the web and accessing email attachments. Safari users should uncheck the option to "Open 'safe' files after downloading" and users should not open email attachments that they were not expecting.

McAfee AVERT Labs maintains one of the top-ranked security threat and research organizations in the world, employing researchers in thirteen countries on five continents. McAfee AVERT Labs combine world-class malicious code and anti-virus research with intrusion prevention and vulnerability research expertise from the McAfee IntruShield, McAfee Entercept, McAfee Foundstone Research, and McAfee Foundstone Professional Services organizations. McAfee protects customers by providing deep analysis and core technologies that are developed through the combined efforts of itsresearchers.

More information on OSX/Inqtana.a, OSX/Leap and the cures for these worms can be found online athttp://vil.mcafee.com.



write your comments about the article :: © 2006 Computing News :: home page